bugzilla-daemon at mindrot.org
2014-Sep-24 14:46 UTC
[Bug 2281] New: sshd accepts empty arguments in ForceCommand and VersionAddendum
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
Bug ID: 2281
Summary: sshd accepts empty arguments in ForceCommand and
VersionAddendum
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: plautrba at redhat.com
Created attachment 2481
--> https://bugzilla.mindrot.org/attachment.cgi?id=2481&action=edit
check for empty arguments in VersionAddendum and ForceCommand
When the mentioned options are specified with white spaces, they are
accepted by the parser. There are missing checks for empty strings in
cp.
# /usr/sbin/sshd -o "ForceCommand " -t
# /usr/sbin/sshd -o "ForceCommand" -t
command-line line 0: Missing argument.
The attached patch fixes it.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Apr-17 05:07 UTC
[Bug 2281] sshd accepts empty arguments in ForceCommand and VersionAddendum
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2360
CC| |dtucker at zip.com.au
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Apr-17 05:10 UTC
[Bug 2281] sshd accepts empty arguments in ForceCommand and VersionAddendum
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Attachment #2481| |ok?(djm at mindrot.org)
Flags| |
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
Comment on attachment 2481
--> https://bugzilla.mindrot.org/attachment.cgi?id=2481
check for empty arguments in VersionAddendum and ForceCommand
I think we'd also need to add "ForcedCommand none" to allow you to
unset it in a Match block.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Apr-17 06:38 UTC
[Bug 2281] sshd accepts empty arguments in ForceCommand and VersionAddendum
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2481|ok?(djm at mindrot.org) |ok+
Flags| |
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2015-Apr-23 04:57 UTC
[Bug 2281] sshd accepts empty arguments in ForceCommand and VersionAddendum
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
Patch applied and will be in the 6.9 release. Thanks.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Aug-11 13:04 UTC
[Bug 2281] sshd accepts empty arguments in ForceCommand and VersionAddendum
https://bugzilla.mindrot.org/show_bug.cgi?id=2281
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.